OK, here is the story: I changed my laptop's admin password and an hour later I seemed to fail to recall what the current password is (somehow I might have slipped my finger/s onto a different button, twice (for the confirmation of the new password)).

I tried for a day to reset the password using net user, but I only have a guest login enabled, which has no admin privileges, so I tried to system restore it. It was taking too long to wait, so I decided to hit the sack. Earlier today I noticed that the laptop was turned off. I checked the power cable only to find out it wasn't plugged in properly... I cold booted the laptop; after the Windows logo the screen is blacked out, even in safe mode.

So I have two problems.

1. to reset my account password and
2. to fix the black screen

Currently I am downloading a fresh copy of the Win 7 Ultimate installer, hoping to fix those two.

I am open to suggestions. Can I use Ubuntu to reset the Windows admin password? Any other programs that can sniff my password? Like ophcrack or something? (It only worked on my Win XP though, 4 years ago.)

Depending on the complexity of your pass you could try to crack it with something like ophcrack.
You could also try setting a password you know and copying over the password hash from a live cd but I've never actually tried that. I'm just sort of theorizing it might work.

Black screen issue:
Don't know, could be a lot of things. See if it boots a live cd to figure out if it's a hardware or a software issue.

From another computer download the iso and use a program like isoburner/cdburnerxp to burn the iso. Place in the laptop and hit F12/F8/ESC or sometimes it says press ? to change boot order. Once the cd loads it should be on the front page, Offline NT Pass Changer.

If you have utorrent, you can also google, MRI 5.7.2 torrent and find the geeksquad boot cd which has many automated tools.

Interesting idea about the Geeksquad disk. I've heard that they expire. I guess they look at the BIOS date/time? I guess a way around this is simply setting the clock backwards... Looking at TPB, there seem to be multiple versions.

In other news, I am also about to do an admin pass reset on one of my laptops tonight. I acquired the laptop and set up a separate admin account with associated password, and promptly forgot the password lol. Of course my 'clue' is always vague. Now though, I have done this 3-4 times in the past year. I recently used a tool on Kali to do this, and previously used Backtrack. I can post my actual steps here later on if you guys want them.

Last edited by Thor on Thu Jan 09, 2014 5:27 pm, edited 1 time in total.

Thor wrote: I can post my actual steps here later on if you guys want them.

Please do. Though most of us probably know already, it's always useful to have a reference for this online.

I am, I'm getting around to a generic "writeup" on it. There are a few general ways to do this, as I'm sure you are aware. I'm sort of revisiting this topic personally and I'm going to filter out what is good and what is not for the would-be Windows password cracker out there.

Hi ramiia! Give a try with PCUnlocker, which can run from a CD or USB drive. Boot your laptop from it and it allows you to remove a lost Windows password in no time. But before getting started, you need to make a PCUnlocker CD using another computer which you have access to. Good luck!

jacklotm wrote: Hi ramiia! Give a try with PCUnlocker, which can run from a CD or USB drive. Boot your laptop from it and it allows you to remove a lost Windows password in no time. But before getting started, you need to make a PCUnlocker CD using another computer which you have access to. Good luck!

Best Wishes,
Jack

Please note this is not free software. There is a trial version but I'm not sure how that's limited in its functionality, but from the comments I've read it doesn't seem to be especially useful.

I have been especially busy lately and have been traveling, so I haven't gotten to a writeup just yet. And I'm not sure, after using a variety of tools, that what I was originally going to put out is as relevant now. I think a list of current, relevant password tools would be more useful now. However, I have had a couple more laptops come into my possession needing unlocking, running Windows 7. One of the best approaches I have been using for any sort of maintenance as well as password bypassing on these is simply using what is included in Hiren's Boot CD, when you have physical access to the machine.

I put Hiren's on a bootable USB and it simply makes tasks like this much easier. You don't really need to fool around with rainbow tables and the more technical security tools out there that I typically would go to for this. The task has been made easier over the years (was it ever truly difficult?). You can simply either clear the password to blank, do that and reset it to something else, or bypass it entirely with a few tools included like Konboot or the awesome "Offline NT/2000/XP/Vista/7 Password Changer". One of the more interesting things you can do with that last tool is adjust account privileges as well.

I think it is worth noting that if you just need to get access to the machine then resetting the pass is probably the way to go. However if you need to be undetected in your access, or if you have a range of targets, recovering a password is usually preferable since it may give you more information and it may be reused in other places.

Cool_Fire wrote: I think it is worth noting that if you just need to get access to the machine then resetting the pass is probably the way to go. However if you need to be undetected in your access, or if you have a range of targets, recovering a password is usually preferable since it may give you more information and it may be reused in other places.

This is an excellent good point. One I hadn't really given thought to lately because I have essentially just been forcing myself into boxes. I would bet money that whatever Windows password I discovered on the majority of the boxes would be the same password used for many other accounts. On occasion I have used a password dump tool within Hiren's as well, to see what web passwords are cached; usually they are all the same for multiple accounts listed. I think this is true for many normal users.

It seems NT Password no longer works for Windows 10. Any alternative?

Last edited by cgcartz on Fri Mar 09, 2018 1:53 am, edited 1 time in total.

You can try kon-boot to bypass the login, but you won't get the password out.

Or you can try dumping the hashes with a tool that supports the new format for Windows 10 password storage. I think mimikatz should be able to do this. Other tools will likely add support sooner or later.
Either way, if you're dumping hashes you won't be able to take advantage of the Ophcrack rainbow tables anymore, so you're back to brute force and dictionary attacks.

I don't know offhand if John the Ripper or hashcat have implemented support for the new Windows 10 format yet, but either way you may be in for a long hash cracking session.